|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/src/libImaging/FliDecode.c Pillow-7.2.0-new/src/libImaging/FliDecode.c
|
|
|
b666aef |
--- Pillow-7.2.0/src/libImaging/FliDecode.c 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/src/libImaging/FliDecode.c 2021-07-24 22:47:24.147288432 +0200
|
|
|
b666aef |
@@ -242,6 +242,11 @@ ImagingFliDecode(Imaging im, ImagingCode
|
|
|
b666aef |
return -1;
|
|
|
b666aef |
}
|
|
|
b666aef |
advance = I32(ptr);
|
|
|
b666aef |
+ if (advance == 0 ) {
|
|
|
b666aef |
+ // If there's no advance, we're in an infinite loop
|
|
|
b666aef |
+ state->errcode = IMAGING_CODEC_BROKEN;
|
|
|
b666aef |
+ return -1;
|
|
|
b666aef |
+ }
|
|
|
b666aef |
if (advance < 0 || advance > bytes) {
|
|
|
b666aef |
state->errcode = IMAGING_CODEC_OVERRUN;
|
|
|
b666aef |
return -1;
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/src/libImaging/Jpeg2KDecode.c Pillow-7.2.0-new/src/libImaging/Jpeg2KDecode.c
|
|
|
b666aef |
--- Pillow-7.2.0/src/libImaging/Jpeg2KDecode.c 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/src/libImaging/Jpeg2KDecode.c 2021-07-24 22:47:24.148288510 +0200
|
|
|
b666aef |
@@ -589,7 +589,7 @@ j2k_decode_entry(Imaging im, ImagingCode
|
|
|
b666aef |
j2k_unpacker_t unpack = NULL;
|
|
|
b666aef |
size_t buffer_size = 0, tile_bytes = 0;
|
|
|
b666aef |
unsigned n, tile_height, tile_width;
|
|
|
b666aef |
- int components;
|
|
|
b666aef |
+ int total_component_width = 0;
|
|
|
b666aef |
|
|
|
b666aef |
|
|
|
b666aef |
stream = opj_stream_create(BUFFER_SIZE, OPJ_TRUE);
|
|
|
b666aef |
@@ -751,23 +751,40 @@ j2k_decode_entry(Imaging im, ImagingCode
|
|
|
b666aef |
goto quick_exit;
|
|
|
b666aef |
}
|
|
|
b666aef |
|
|
|
b666aef |
+ if (tile_info.nb_comps != image->numcomps) {
|
|
|
b666aef |
+ state->errcode = IMAGING_CODEC_BROKEN;
|
|
|
b666aef |
+ state->state = J2K_STATE_FAILED;
|
|
|
b666aef |
+ goto quick_exit;
|
|
|
b666aef |
+ }
|
|
|
b666aef |
+
|
|
|
b666aef |
/* Sometimes the tile_info.datasize we get back from openjpeg
|
|
|
b666aef |
- is less than numcomps*w*h, and we overflow in the
|
|
|
b666aef |
+ is less than sum(comp_bytes)*w*h, and we overflow in the
|
|
|
b666aef |
shuffle stage */
|
|
|
b666aef |
|
|
|
b666aef |
tile_width = tile_info.x1 - tile_info.x0;
|
|
|
b666aef |
tile_height = tile_info.y1 - tile_info.y0;
|
|
|
b666aef |
- components = tile_info.nb_comps == 3 ? 4 : tile_info.nb_comps;
|
|
|
b666aef |
- if (( tile_width > UINT_MAX / components ) ||
|
|
|
b666aef |
- ( tile_height > UINT_MAX / components ) ||
|
|
|
b666aef |
- ( tile_width > UINT_MAX / (tile_height * components )) ||
|
|
|
b666aef |
- ( tile_height > UINT_MAX / (tile_width * components ))) {
|
|
|
b666aef |
+
|
|
|
b666aef |
+ /* Total component width = sum (component_width) e.g, it's
|
|
|
b666aef |
+ legal for an la file to have a 1 byte width for l, and 4 for
|
|
|
b666aef |
+ a, and then a malicious file could have a smaller tile_bytes
|
|
|
b666aef |
+ */
|
|
|
b666aef |
+
|
|
|
b666aef |
+ for (n=0; n < tile_info.nb_comps; n++) {
|
|
|
b666aef |
+ // see csize /acsize calcs
|
|
|
b666aef |
+ int csize = (image->comps[n].prec + 7) >> 3;
|
|
|
b666aef |
+ csize = (csize == 3) ? 4 : csize;
|
|
|
b666aef |
+ total_component_width += csize;
|
|
|
b666aef |
+ }
|
|
|
b666aef |
+ if ((tile_width > UINT_MAX / total_component_width) ||
|
|
|
b666aef |
+ (tile_height > UINT_MAX / total_component_width) ||
|
|
|
b666aef |
+ (tile_width > UINT_MAX / (tile_height * total_component_width)) ||
|
|
|
b666aef |
+ (tile_height > UINT_MAX / (tile_width * total_component_width))) {
|
|
|
b666aef |
state->errcode = IMAGING_CODEC_BROKEN;
|
|
|
b666aef |
state->state = J2K_STATE_FAILED;
|
|
|
b666aef |
goto quick_exit;
|
|
|
b666aef |
}
|
|
|
b666aef |
|
|
|
b666aef |
- tile_bytes = tile_width * tile_height * components;
|
|
|
b666aef |
+ tile_bytes = tile_width * tile_height * total_component_width;
|
|
|
b666aef |
|
|
|
b666aef |
if (tile_bytes > tile_info.data_size) {
|
|
|
b666aef |
tile_info.data_size = tile_bytes;
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/BlpImagePlugin.py Pillow-7.2.0-new/src/PIL/BlpImagePlugin.py
|
|
|
0647175 |
--- Pillow-7.2.0/src/PIL/BlpImagePlugin.py 2021-07-24 22:47:24.108285364 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/src/PIL/BlpImagePlugin.py 2021-07-24 22:47:24.163289691 +0200
|
|
|
b666aef |
@@ -286,33 +286,36 @@ class _BLPBaseDecoder(ImageFile.PyDecode
|
|
|
b666aef |
raise OSError("Truncated Blp file") from e
|
|
|
b666aef |
return 0, 0
|
|
|
b666aef |
|
|
|
b666aef |
+ def _safe_read(self, length):
|
|
|
b666aef |
+ return ImageFile._safe_read(self.fd, length)
|
|
|
b666aef |
+
|
|
|
b666aef |
def _read_palette(self):
|
|
|
b666aef |
ret = []
|
|
|
b666aef |
for i in range(256):
|
|
|
b666aef |
try:
|
|
|
b666aef |
- b, g, r, a = struct.unpack("<4B", self.fd.read(4))
|
|
|
b666aef |
+ b, g, r, a = struct.unpack("<4B", self._safe_read(4))
|
|
|
b666aef |
except struct.error:
|
|
|
b666aef |
break
|
|
|
b666aef |
ret.append((b, g, r, a))
|
|
|
b666aef |
return ret
|
|
|
b666aef |
|
|
|
b666aef |
def _read_blp_header(self):
|
|
|
b666aef |
- (self._blp_compression,) = struct.unpack("
|
|
|
b666aef |
+ (self._blp_compression,) = struct.unpack("
|
|
|
b666aef |
|
|
|
b666aef |
- (self._blp_encoding,) = struct.unpack("
|
|
|
b666aef |
- (self._blp_alpha_depth,) = struct.unpack("
|
|
|
b666aef |
- (self._blp_alpha_encoding,) = struct.unpack("
|
|
|
b666aef |
- (self._blp_mips,) = struct.unpack("
|
|
|
b666aef |
+ (self._blp_encoding,) = struct.unpack("
|
|
|
b666aef |
+ (self._blp_alpha_depth,) = struct.unpack("
|
|
|
b666aef |
+ (self._blp_alpha_encoding,) = struct.unpack("
|
|
|
b666aef |
+ (self._blp_mips,) = struct.unpack("
|
|
|
b666aef |
|
|
|
b666aef |
- self.size = struct.unpack("
|
|
|
b666aef |
+ self.size = struct.unpack("
|
|
|
b666aef |
|
|
|
b666aef |
if self.magic == b"BLP1":
|
|
|
b666aef |
# Only present for BLP1
|
|
|
b666aef |
- (self._blp_encoding,) = struct.unpack("
|
|
|
b666aef |
- (self._blp_subtype,) = struct.unpack("
|
|
|
b666aef |
+ (self._blp_encoding,) = struct.unpack("
|
|
|
b666aef |
+ (self._blp_subtype,) = struct.unpack("
|
|
|
b666aef |
|
|
|
b666aef |
- self._blp_offsets = struct.unpack("<16I", self.fd.read(16 * 4))
|
|
|
b666aef |
- self._blp_lengths = struct.unpack("<16I", self.fd.read(16 * 4))
|
|
|
b666aef |
+ self._blp_offsets = struct.unpack("<16I", self._safe_read(16 * 4))
|
|
|
b666aef |
+ self._blp_lengths = struct.unpack("<16I", self._safe_read(16 * 4))
|
|
|
b666aef |
|
|
|
b666aef |
|
|
|
b666aef |
class BLP1Decoder(_BLPBaseDecoder):
|
|
|
b666aef |
@@ -324,7 +327,7 @@ class BLP1Decoder(_BLPBaseDecoder):
|
|
|
b666aef |
if self._blp_encoding in (4, 5):
|
|
|
b666aef |
data = bytearray()
|
|
|
b666aef |
palette = self._read_palette()
|
|
|
b666aef |
- _data = BytesIO(self.fd.read(self._blp_lengths[0]))
|
|
|
b666aef |
+ _data = BytesIO(self._safe_read(self._blp_lengths[0]))
|
|
|
b666aef |
while True:
|
|
|
b666aef |
try:
|
|
|
b666aef |
(offset,) = struct.unpack("
|
|
|
b666aef |
@@ -346,10 +349,10 @@ class BLP1Decoder(_BLPBaseDecoder):
|
|
|
b666aef |
def _decode_jpeg_stream(self):
|
|
|
b666aef |
from PIL.JpegImagePlugin import JpegImageFile
|
|
|
b666aef |
|
|
|
b666aef |
- (jpeg_header_size,) = struct.unpack("
|
|
|
b666aef |
- jpeg_header = self.fd.read(jpeg_header_size)
|
|
|
b666aef |
- self.fd.read(self._blp_offsets[0] - self.fd.tell()) # What IS this?
|
|
|
b666aef |
- data = self.fd.read(self._blp_lengths[0])
|
|
|
b666aef |
+ (jpeg_header_size,) = struct.unpack("
|
|
|
b666aef |
+ jpeg_header = self._safe_read(jpeg_header_size)
|
|
|
b666aef |
+ self._safe_read(self._blp_offsets[0] - self.fd.tell()) # What IS this?
|
|
|
b666aef |
+ data = self._safe_read(self._blp_lengths[0])
|
|
|
b666aef |
data = jpeg_header + data
|
|
|
b666aef |
data = BytesIO(data)
|
|
|
b666aef |
image = JpegImageFile(data)
|
|
|
b666aef |
@@ -370,7 +373,7 @@ class BLP2Decoder(_BLPBaseDecoder):
|
|
|
b666aef |
# Uncompressed or DirectX compression
|
|
|
b666aef |
|
|
|
b666aef |
if self._blp_encoding == BLP_ENCODING_UNCOMPRESSED:
|
|
|
b666aef |
- _data = BytesIO(self.fd.read(self._blp_lengths[0]))
|
|
|
b666aef |
+ _data = BytesIO(self._safe_read(self._blp_lengths[0]))
|
|
|
b666aef |
while True:
|
|
|
b666aef |
try:
|
|
|
b666aef |
(offset,) = struct.unpack("
|
|
|
b666aef |
@@ -384,20 +387,20 @@ class BLP2Decoder(_BLPBaseDecoder):
|
|
|
b666aef |
linesize = (self.size[0] + 3) // 4 * 8
|
|
|
b666aef |
for yb in range((self.size[1] + 3) // 4):
|
|
|
b666aef |
for d in decode_dxt1(
|
|
|
b666aef |
- self.fd.read(linesize), alpha=bool(self._blp_alpha_depth)
|
|
|
b666aef |
+ self._safe_read(linesize), alpha=bool(self._blp_alpha_depth)
|
|
|
b666aef |
):
|
|
|
b666aef |
data += d
|
|
|
b666aef |
|
|
|
b666aef |
elif self._blp_alpha_encoding == BLP_ALPHA_ENCODING_DXT3:
|
|
|
b666aef |
linesize = (self.size[0] + 3) // 4 * 16
|
|
|
b666aef |
for yb in range((self.size[1] + 3) // 4):
|
|
|
b666aef |
- for d in decode_dxt3(self.fd.read(linesize)):
|
|
|
b666aef |
+ for d in decode_dxt3(self._safe_read(linesize)):
|
|
|
b666aef |
data += d
|
|
|
b666aef |
|
|
|
b666aef |
elif self._blp_alpha_encoding == BLP_ALPHA_ENCODING_DXT5:
|
|
|
b666aef |
linesize = (self.size[0] + 3) // 4 * 16
|
|
|
b666aef |
for yb in range((self.size[1] + 3) // 4):
|
|
|
b666aef |
- for d in decode_dxt5(self.fd.read(linesize)):
|
|
|
b666aef |
+ for d in decode_dxt5(self._safe_read(linesize)):
|
|
|
b666aef |
data += d
|
|
|
b666aef |
else:
|
|
|
b666aef |
raise BLPFormatError(
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/EpsImagePlugin.py Pillow-7.2.0-new/src/PIL/EpsImagePlugin.py
|
|
|
b666aef |
--- Pillow-7.2.0/src/PIL/EpsImagePlugin.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/src/PIL/EpsImagePlugin.py 2021-07-24 22:47:24.163289691 +0200
|
|
|
b666aef |
@@ -170,12 +170,12 @@ class PSFile:
|
|
|
b666aef |
self.fp.seek(offset, whence)
|
|
|
b666aef |
|
|
|
b666aef |
def readline(self):
|
|
|
b666aef |
- s = self.char or b""
|
|
|
b666aef |
+ s = [self.char or b""]
|
|
|
b666aef |
self.char = None
|
|
|
b666aef |
|
|
|
b666aef |
c = self.fp.read(1)
|
|
|
b666aef |
- while c not in b"\r\n":
|
|
|
b666aef |
- s = s + c
|
|
|
b666aef |
+ while (c not in b"\r\n") and len(c):
|
|
|
b666aef |
+ s.append(c)
|
|
|
b666aef |
c = self.fp.read(1)
|
|
|
b666aef |
|
|
|
b666aef |
self.char = self.fp.read(1)
|
|
|
b666aef |
@@ -183,7 +183,7 @@ class PSFile:
|
|
|
b666aef |
if self.char in b"\r\n":
|
|
|
b666aef |
self.char = None
|
|
|
b666aef |
|
|
|
b666aef |
- return s.decode("latin-1")
|
|
|
b666aef |
+ return b"".join(s).decode("latin-1")
|
|
|
b666aef |
|
|
|
b666aef |
|
|
|
b666aef |
def _accept(prefix):
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/ImageFile.py Pillow-7.2.0-new/src/PIL/ImageFile.py
|
|
|
b666aef |
--- Pillow-7.2.0/src/PIL/ImageFile.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/src/PIL/ImageFile.py 2021-07-24 22:47:24.164289769 +0200
|
|
|
b666aef |
@@ -551,12 +551,18 @@ def _safe_read(fp, size):
|
|
|
b666aef |
|
|
|
b666aef |
:param fp: File handle. Must implement a read method.
|
|
|
b666aef |
:param size: Number of bytes to read.
|
|
|
b666aef |
- :returns: A string containing up to size bytes of data.
|
|
|
b666aef |
+ :returns: A string containing size bytes of data.
|
|
|
b666aef |
+
|
|
|
b666aef |
+ Raises an OSError if the file is truncated and the read cannot be completed
|
|
|
b666aef |
+
|
|
|
b666aef |
"""
|
|
|
b666aef |
if size <= 0:
|
|
|
b666aef |
return b""
|
|
|
b666aef |
if size <= SAFEBLOCK:
|
|
|
b666aef |
- return fp.read(size)
|
|
|
b666aef |
+ data = fp.read(size)
|
|
|
b666aef |
+ if len(data) < size:
|
|
|
b666aef |
+ raise OSError("Truncated File Read")
|
|
|
b666aef |
+ return data
|
|
|
b666aef |
data = []
|
|
|
b666aef |
while size > 0:
|
|
|
b666aef |
block = fp.read(min(size, SAFEBLOCK))
|
|
|
b666aef |
@@ -564,6 +570,8 @@ def _safe_read(fp, size):
|
|
|
b666aef |
break
|
|
|
b666aef |
data.append(block)
|
|
|
b666aef |
size -= len(block)
|
|
|
b666aef |
+ if sum(len(d) for d in data) < size:
|
|
|
b666aef |
+ raise OSError("Truncated File Read")
|
|
|
b666aef |
return b"".join(data)
|
|
|
b666aef |
|
|
|
b666aef |
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/ImageFont.py Pillow-7.2.0-new/src/PIL/ImageFont.py
|
|
|
9d3a3d4 |
--- Pillow-7.2.0/src/PIL/ImageFont.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/src/PIL/ImageFont.py 2021-07-24 22:47:24.165289848 +0200
|
|
|
9d3a3d4 |
@@ -472,6 +472,7 @@ class FreeTypeFont:
|
|
|
9d3a3d4 |
text, mode == "1", direction, features, language
|
|
|
9d3a3d4 |
)
|
|
|
9d3a3d4 |
size = size[0] + stroke_width * 2, size[1] + stroke_width * 2
|
|
|
9d3a3d4 |
+ Image._decompression_bomb_check(size)
|
|
|
9d3a3d4 |
im = fill("L", size, 0)
|
|
|
9d3a3d4 |
self.font.render(
|
|
|
9d3a3d4 |
text, im.id, mode == "1", direction, features, language, stroke_width
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/src/PIL/PsdImagePlugin.py Pillow-7.2.0-new/src/PIL/PsdImagePlugin.py
|
|
|
9d3a3d4 |
--- Pillow-7.2.0/src/PIL/PsdImagePlugin.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/src/PIL/PsdImagePlugin.py 2021-07-24 22:47:24.165289848 +0200
|
|
|
9d3a3d4 |
@@ -117,7 +117,8 @@ class PsdImageFile(ImageFile.ImageFile):
|
|
|
9d3a3d4 |
end = self.fp.tell() + size
|
|
|
9d3a3d4 |
size = i32(read(4))
|
|
|
9d3a3d4 |
if size:
|
|
|
9d3a3d4 |
- self.layers = _layerinfo(self.fp)
|
|
|
9d3a3d4 |
+ _layer_data = io.BytesIO(ImageFile._safe_read(self.fp, size))
|
|
|
9d3a3d4 |
+ self.layers = _layerinfo(_layer_data, size)
|
|
|
9d3a3d4 |
self.fp.seek(end)
|
|
|
9d3a3d4 |
self.n_frames = len(self.layers)
|
|
|
9d3a3d4 |
self.is_animated = self.n_frames > 1
|
|
|
9d3a3d4 |
@@ -169,11 +170,20 @@ class PsdImageFile(ImageFile.ImageFile):
|
|
|
9d3a3d4 |
self.__fp = None
|
|
|
9d3a3d4 |
|
|
|
9d3a3d4 |
|
|
|
9d3a3d4 |
-def _layerinfo(file):
|
|
|
9d3a3d4 |
+def _layerinfo(fp, ct_bytes):
|
|
|
9d3a3d4 |
# read layerinfo block
|
|
|
9d3a3d4 |
layers = []
|
|
|
9d3a3d4 |
- read = file.read
|
|
|
9d3a3d4 |
- for i in range(abs(i16(read(2)))):
|
|
|
b666aef |
+
|
|
|
9d3a3d4 |
+ def read(size):
|
|
|
9d3a3d4 |
+ return ImageFile._safe_read(fp, size)
|
|
|
b666aef |
+
|
|
|
9d3a3d4 |
+ ct = i16(read(2))
|
|
|
b666aef |
+
|
|
|
9d3a3d4 |
+ # sanity check
|
|
|
9d3a3d4 |
+ if ct_bytes < (abs(ct) * 20):
|
|
|
9d3a3d4 |
+ raise SyntaxError("Layer block too short for number of layers requested")
|
|
|
b666aef |
+
|
|
|
b666aef |
+ for i in range(abs(ct)):
|
|
|
b666aef |
|
|
|
b666aef |
# bounding box
|
|
|
b666aef |
y0 = i32(read(4))
|
|
|
b666aef |
@@ -184,7 +194,8 @@ def _layerinfo(file):
|
|
|
b666aef |
# image info
|
|
|
b666aef |
info = []
|
|
|
b666aef |
mode = []
|
|
|
b666aef |
- types = list(range(i16(read(2))))
|
|
|
b666aef |
+ ct_types = i16(read(2))
|
|
|
b666aef |
+ types = list(range(ct_types))
|
|
|
b666aef |
if len(types) > 4:
|
|
|
b666aef |
continue
|
|
|
b666aef |
|
|
|
b666aef |
@@ -217,16 +228,16 @@ def _layerinfo(file):
|
|
|
b666aef |
size = i32(read(4)) # length of the extra data field
|
|
|
b666aef |
combined = 0
|
|
|
b666aef |
if size:
|
|
|
b666aef |
- data_end = file.tell() + size
|
|
|
b666aef |
+ data_end = fp.tell() + size
|
|
|
b666aef |
|
|
|
b666aef |
length = i32(read(4))
|
|
|
b666aef |
if length:
|
|
|
b666aef |
- file.seek(length - 16, io.SEEK_CUR)
|
|
|
b666aef |
+ fp.seek(length - 16, io.SEEK_CUR)
|
|
|
b666aef |
combined += length + 4
|
|
|
b666aef |
|
|
|
b666aef |
length = i32(read(4))
|
|
|
b666aef |
if length:
|
|
|
b666aef |
- file.seek(length, io.SEEK_CUR)
|
|
|
b666aef |
+ fp.seek(length, io.SEEK_CUR)
|
|
|
b666aef |
combined += length + 4
|
|
|
b666aef |
|
|
|
b666aef |
length = i8(read(1))
|
|
|
b666aef |
@@ -236,7 +247,7 @@ def _layerinfo(file):
|
|
|
b666aef |
name = read(length).decode("latin-1", "replace")
|
|
|
b666aef |
combined += length + 1
|
|
|
b666aef |
|
|
|
b666aef |
- file.seek(data_end)
|
|
|
b666aef |
+ fp.seek(data_end)
|
|
|
b666aef |
layers.append((name, mode, (x0, y0, x1, y1)))
|
|
|
b666aef |
|
|
|
b666aef |
# get tiles
|
|
|
b666aef |
@@ -244,7 +255,7 @@ def _layerinfo(file):
|
|
|
b666aef |
for name, mode, bbox in layers:
|
|
|
b666aef |
tile = []
|
|
|
b666aef |
for m in mode:
|
|
|
b666aef |
- t = _maketile(file, m, bbox, 1)
|
|
|
b666aef |
+ t = _maketile(fp, m, bbox, 1)
|
|
|
b666aef |
if t:
|
|
|
b666aef |
tile.extend(t)
|
|
|
b666aef |
layers[i] = name, mode, bbox, tile
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_decompression_bomb.py Pillow-7.2.0-new/Tests/test_decompression_bomb.py
|
|
|
b666aef |
--- Pillow-7.2.0/Tests/test_decompression_bomb.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_decompression_bomb.py 2021-07-24 22:47:24.165289848 +0200
|
|
|
b666aef |
@@ -51,6 +51,7 @@ class TestDecompressionBomb:
|
|
|
b666aef |
with Image.open(TEST_FILE):
|
|
|
b666aef |
pass
|
|
|
b666aef |
|
|
|
b666aef |
+ @pytest.mark.xfail(reason="different exception")
|
|
|
b666aef |
def test_exception_ico(self):
|
|
|
b666aef |
with pytest.raises(Image.DecompressionBombError):
|
|
|
b666aef |
Image.open("Tests/images/decompression_bomb.ico")
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_apng.py Pillow-7.2.0-new/Tests/test_file_apng.py
|
|
|
b666aef |
--- Pillow-7.2.0/Tests/test_file_apng.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_file_apng.py 2021-07-24 22:47:24.166289927 +0200
|
|
|
b666aef |
@@ -286,7 +286,7 @@ def test_apng_syntax_errors():
|
|
|
b666aef |
exception = e
|
|
|
b666aef |
assert exception is None
|
|
|
b666aef |
|
|
|
b666aef |
- with pytest.raises(SyntaxError):
|
|
|
b666aef |
+ with pytest.raises(OSError):
|
|
|
b666aef |
with Image.open("Tests/images/apng/syntax_num_frames_high.png") as im:
|
|
|
b666aef |
im.seek(im.n_frames - 1)
|
|
|
b666aef |
im.load()
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_blp.py Pillow-7.2.0-new/Tests/test_file_blp.py
|
|
|
b666aef |
--- Pillow-7.2.0/Tests/test_file_blp.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_file_blp.py 2021-07-24 22:47:24.166289927 +0200
|
|
|
b666aef |
@@ -1,4 +1,5 @@
|
|
|
b666aef |
from PIL import Image
|
|
|
b666aef |
+import pytest
|
|
|
b666aef |
|
|
|
b666aef |
from .helper import assert_image_equal
|
|
|
b666aef |
|
|
|
b666aef |
@@ -19,3 +20,21 @@ def test_load_blp2_dxt1a():
|
|
|
b666aef |
with Image.open("Tests/images/blp/blp2_dxt1a.blp") as im:
|
|
|
b666aef |
with Image.open("Tests/images/blp/blp2_dxt1a.png") as target:
|
|
|
b666aef |
assert_image_equal(im, target)
|
|
|
b666aef |
+
|
|
|
9d3a3d4 |
+@pytest.mark.parametrize(
|
|
|
9d3a3d4 |
+ "test_file",
|
|
|
9d3a3d4 |
+ [
|
|
|
9d3a3d4 |
+ "Tests/images/timeout-060745d3f534ad6e4128c51d336ea5489182c69d.blp",
|
|
|
9d3a3d4 |
+ "Tests/images/timeout-31c8f86233ea728339c6e586be7af661a09b5b98.blp",
|
|
|
9d3a3d4 |
+ "Tests/images/timeout-60d8b7c8469d59fc9ffff6b3a3dc0faeae6ea8ee.blp",
|
|
|
9d3a3d4 |
+ "Tests/images/timeout-8073b430977660cdd48d96f6406ddfd4114e69c7.blp",
|
|
|
9d3a3d4 |
+ "Tests/images/timeout-bba4f2e026b5786529370e5dfe9a11b1bf991f07.blp",
|
|
|
9d3a3d4 |
+ "Tests/images/timeout-d6ec061c4afdef39d3edf6da8927240bb07fe9b7.blp",
|
|
|
9d3a3d4 |
+ "Tests/images/timeout-ef9112a065e7183fa7faa2e18929b03e44ee16bf.blp",
|
|
|
9d3a3d4 |
+ ],
|
|
|
9d3a3d4 |
+)
|
|
|
9d3a3d4 |
+def test_crashes(test_file):
|
|
|
9d3a3d4 |
+ with open(test_file, "rb") as f:
|
|
|
9d3a3d4 |
+ with Image.open(f) as im:
|
|
|
9d3a3d4 |
+ with pytest.raises(OSError):
|
|
|
9d3a3d4 |
+ im.load()
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_eps.py Pillow-7.2.0-new/Tests/test_file_eps.py
|
|
|
9d3a3d4 |
--- Pillow-7.2.0/Tests/test_file_eps.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_file_eps.py 2021-07-24 22:47:24.166289927 +0200
|
|
|
9d3a3d4 |
@@ -256,3 +256,15 @@ def test_emptyline():
|
|
|
9d3a3d4 |
assert image.mode == "RGB"
|
|
|
9d3a3d4 |
assert image.size == (460, 352)
|
|
|
9d3a3d4 |
assert image.format == "EPS"
|
|
|
b666aef |
+
|
|
|
b666aef |
+
|
|
|
9d3a3d4 |
+@pytest.mark.timeout(timeout=5)
|
|
|
9d3a3d4 |
+@pytest.mark.parametrize(
|
|
|
9d3a3d4 |
+ "test_file",
|
|
|
9d3a3d4 |
+ ["Tests/images/timeout-d675703545fee17acab56e5fec644c19979175de.eps"],
|
|
|
9d3a3d4 |
+)
|
|
|
9d3a3d4 |
+def test_timeout(test_file):
|
|
|
9d3a3d4 |
+ with open(test_file, "rb") as f:
|
|
|
9d3a3d4 |
+ with pytest.raises(Image.UnidentifiedImageError):
|
|
|
9d3a3d4 |
+ with Image.open(f):
|
|
|
9d3a3d4 |
+ pass
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_fli.py Pillow-7.2.0-new/Tests/test_file_fli.py
|
|
|
b666aef |
--- Pillow-7.2.0/Tests/test_file_fli.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_file_fli.py 2021-07-24 22:47:24.166289927 +0200
|
|
|
b666aef |
@@ -123,3 +123,17 @@ def test_seek():
|
|
|
b666aef |
|
|
|
b666aef |
with Image.open("Tests/images/a_fli.png") as expected:
|
|
|
b666aef |
assert_image_equal(im, expected)
|
|
|
b666aef |
+
|
|
|
b666aef |
+@pytest.mark.parametrize(
|
|
|
b666aef |
+ "test_file",
|
|
|
b666aef |
+ [
|
|
|
b666aef |
+ "Tests/images/timeout-9139147ce93e20eb14088fe238e541443ffd64b3.fli",
|
|
|
b666aef |
+ "Tests/images/timeout-bff0a9dc7243a8e6ede2408d2ffa6a9964698b87.fli",
|
|
|
b666aef |
+ ],
|
|
|
b666aef |
+)
|
|
|
b666aef |
+@pytest.mark.timeout(timeout=3)
|
|
|
b666aef |
+def test_timeouts(test_file):
|
|
|
b666aef |
+ with open(test_file, "rb") as f:
|
|
|
b666aef |
+ with Image.open(f) as im:
|
|
|
b666aef |
+ with pytest.raises(OSError):
|
|
|
b666aef |
+ im.load()
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_jpeg2k.py Pillow-7.2.0-new/Tests/test_file_jpeg2k.py
|
|
|
b666aef |
--- Pillow-7.2.0/Tests/test_file_jpeg2k.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_file_jpeg2k.py 2021-07-24 22:47:24.167290005 +0200
|
|
|
b666aef |
@@ -233,3 +233,19 @@ def test_parser_feed():
|
|
|
b666aef |
|
|
|
b666aef |
# Assert
|
|
|
b666aef |
assert p.image.size == (640, 480)
|
|
|
b666aef |
+
|
|
|
b666aef |
+
|
|
|
b666aef |
+@pytest.mark.parametrize(
|
|
|
b666aef |
+ "test_file",
|
|
|
b666aef |
+ [
|
|
|
b666aef |
+ "Tests/images/crash-4fb027452e6988530aa5dabee76eecacb3b79f8a.j2k",
|
|
|
b666aef |
+ "Tests/images/crash-7d4c83eb92150fb8f1653a697703ae06ae7c4998.j2k",
|
|
|
b666aef |
+ "Tests/images/crash-ccca68ff40171fdae983d924e127a721cab2bd50.j2k",
|
|
|
b666aef |
+ "Tests/images/crash-d2c93af851d3ab9a19e34503626368b2ecde9c03.j2k",
|
|
|
b666aef |
+ ],
|
|
|
b666aef |
+)
|
|
|
b666aef |
+def test_crashes(test_file):
|
|
|
b666aef |
+ with open(test_file, "rb") as f:
|
|
|
b666aef |
+ with Image.open(f) as im:
|
|
|
b666aef |
+ # Valgrind should not complain here
|
|
|
b666aef |
+ im.load()
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_psd.py Pillow-7.2.0-new/Tests/test_file_psd.py
|
|
|
b666aef |
--- Pillow-7.2.0/Tests/test_file_psd.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_file_psd.py 2021-07-24 22:47:24.167290005 +0200
|
|
|
b666aef |
@@ -127,3 +127,24 @@ def test_combined_larger_than_size():
|
|
|
b666aef |
# then the seek can't be negative
|
|
|
b666aef |
with pytest.raises(OSError):
|
|
|
b666aef |
Image.open("Tests/images/combined_larger_than_size.psd")
|
|
|
b666aef |
+
|
|
|
b666aef |
+@pytest.mark.parametrize(
|
|
|
b666aef |
+ "test_file,raises",
|
|
|
b666aef |
+ [
|
|
|
b666aef |
+ (
|
|
|
b666aef |
+ "Tests/images/timeout-1ee28a249896e05b83840ae8140622de8e648ba9.psd",
|
|
|
b666aef |
+ Image.UnidentifiedImageError,
|
|
|
b666aef |
+ ),
|
|
|
b666aef |
+ (
|
|
|
b666aef |
+ "Tests/images/timeout-598843abc37fc080ec36a2699ebbd44f795d3a6f.psd",
|
|
|
b666aef |
+ Image.UnidentifiedImageError,
|
|
|
b666aef |
+ ),
|
|
|
b666aef |
+ ("Tests/images/timeout-c8efc3fded6426986ba867a399791bae544f59bc.psd", OSError),
|
|
|
b666aef |
+ ("Tests/images/timeout-dedc7a4ebd856d79b4359bbcc79e8ef231ce38f6.psd", OSError),
|
|
|
b666aef |
+ ],
|
|
|
b666aef |
+)
|
|
|
b666aef |
+def test_crashes(test_file, raises):
|
|
|
b666aef |
+ with open(test_file, "rb") as f:
|
|
|
b666aef |
+ with pytest.raises(raises):
|
|
|
b666aef |
+ with Image.open(f):
|
|
|
b666aef |
+ pass
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_file_tiff.py Pillow-7.2.0-new/Tests/test_file_tiff.py
|
|
|
b666aef |
--- Pillow-7.2.0/Tests/test_file_tiff.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_file_tiff.py 2021-07-24 22:47:24.167290005 +0200
|
|
|
b666aef |
@@ -598,8 +598,9 @@ class TestFileTiff:
|
|
|
b666aef |
@pytest.mark.filterwarnings("ignore:Possibly corrupt EXIF data")
|
|
|
b666aef |
def test_string_dimension(self):
|
|
|
b666aef |
# Assert that an error is raised if one of the dimensions is a string
|
|
|
b666aef |
- with pytest.raises(ValueError):
|
|
|
b666aef |
- Image.open("Tests/images/string_dimension.tiff")
|
|
|
b666aef |
+ with Image.open("Tests/images/string_dimension.tiff") as im:
|
|
|
b666aef |
+ with pytest.raises(OSError):
|
|
|
b666aef |
+ im.load()
|
|
|
b666aef |
|
|
|
b666aef |
|
|
|
b666aef |
@pytest.mark.skipif(not is_win32(), reason="Windows only")
|
|
|
0647175 |
diff -rupN --no-dereference Pillow-7.2.0/Tests/test_imagefont.py Pillow-7.2.0-new/Tests/test_imagefont.py
|
|
|
b666aef |
--- Pillow-7.2.0/Tests/test_imagefont.py 2020-06-30 09:50:35.000000000 +0200
|
|
|
0647175 |
+++ Pillow-7.2.0-new/Tests/test_imagefont.py 2021-07-24 22:47:24.168290084 +0200
|
|
|
b666aef |
@@ -753,3 +753,15 @@ def test_render_mono_size():
|
|
|
b666aef |
|
|
|
b666aef |
draw.text((10, 10), "r" * 10, "black", ttf)
|
|
|
b666aef |
assert_image_equal_tofile(im, "Tests/images/text_mono.gif")
|
|
|
b666aef |
+
|
|
|
b666aef |
+@pytest.mark.parametrize(
|
|
|
b666aef |
+ "test_file",
|
|
|
b666aef |
+ [
|
|
|
b666aef |
+ "Tests/fonts/oom-e8e927ba6c0d38274a37c1567560eb33baf74627.ttf",
|
|
|
b666aef |
+ ],
|
|
|
b666aef |
+)
|
|
|
b666aef |
+def test_oom(test_file):
|
|
|
b666aef |
+ with open(test_file, "rb") as f:
|
|
|
b666aef |
+ font = ImageFont.truetype(BytesIO(f.read()))
|
|
|
b666aef |
+ with pytest.raises(Image.DecompressionBombError):
|
|
|
b666aef |
+ font.getmask("Test Text")
|